Storage encryption and key management

If you have a question about this talk, please contact Mustapha Amrani.

Semantics and Syntax: A Legacy of Alan Turing

Data encryption has become a key requirement for enterprise storage systems. As a consequence of this, I have looked into storage encryption methods and contributed to several storage security products at IBM. Research has formulated the notion of tweakable encryption modes, which specifically address a requirement of storage encryption. On the other hand, practitioners have used specific key-wrapping modes for a long time before researchers came up with a formal notion. We highlight where and how they are used. The biggest concern in storage encryption is cryptographic keys, which must be maintained securely and reliably. Users struggle with the key-management problem because operating procedures and formats differ across systems. When multiple users access a key server, its interface must be designed with special consideration for cryptographic relations among keys. Cryptographic hardware-security modules (HSMs) face the same problem. Some logical attacks through the key-management operations of HSMs have been reported in the past, which allowed keys to be exposed merely by exploiting their interfaces in unexpected ways. We show how to model the security of key-management systems formally and protect them from interface attacks. This work originates in the context of creating the OASIS Key Management Interoperability Protocol (KMIP), a new open standard for enterprise-level key management.

This talk is part of the Isaac Newton Institute Seminar Series series.
